LAPTOPS and mobile telephones supplied with the aid of Glasgow City Council were misplaced, growing the threat of information no longer being deleted thoroughly.
An inner audit into the Council’s IT signs found examples of lacking gadgets, raising issues over information protection. It has also highlighted issues over whether or not the Council is receiving fine value for money. Nine recommendations have been outlined to combat the dangers, with three marked as a high precedence.
Duncan Black, the Council’s Head of Audit and Inspection, said: “The failure to accurately song all ICT belongings means that the Council might not be best managing its ICT estate for you to relaxed value for money.
“There is likewise a threat that lost belongings aren’t recognized and investigated timeously, although the threat of any touchy or valuable information loss is mitigated in which gadgets are encrypted.” Over 10,000 gadgets, such as laptops and mobile telephones, are used throughout the Council to resource bendy working.
The look at found there are policies in the vicinity to ensure the team of workers realizes their responsibilities on “facts protection,” but these can be furthermore suitable.
It states tactics for movers or leavers are uncertain, with a team of workers now not usually advising IT of any adjustments that affect the sign-ins accuracy. Sample checking observed an “enormous variety of errors” at the sign-in. The audit also discovered disposal strategies weren’t usually followed. This protected stock of no longer required Apple devices that have been saved in an open plan office once they must be thrown away, and any other batch of 97 gadgets that had been either lost or not disposed of efficiently.
Mr. Black stated: “The gadgets have to have been lower back to the IT issuer and securely disposed of; however, the prices associated with this were deemed to be too luxurious.
“As a result, 56 of the gadgets had been either back to the producer or disposed of by way of an electronics recycling business enterprise. The last 41 devices are unaccounted for and taken into consideration lost.
“There is an elevated hazard that, wherein gadgets have no longer been disposed of via the agreed channels, statistics is not deleted to expected requirements.”
There is some mitigation when gadgets are misplaced as Active Directory; the Council’s network authentication service is disabled once inactive for 90 days or more. But Mr. Black’s file admits more may be finished to trace those devices.
A list of enhancements is set out inside the audit file. These consist of making sure there may be an up-to-date leaves and movers manner so all IT changes are contemplated in the register. It also recommends all devices are disposed of through an agreed process, and missing objects are reported.